[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Nov 19 20:09:40 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5ea1efad by Moritz Muehlenhoff at 2023-11-19T21:09:16+01:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -545,15 +545,15 @@ CVE-2023-48088 (xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-48087 (xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job ...)
NOT-FOR-US: XXL-Job
CVE-2023-48014 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a sta ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1056282)
NOTE: https://github.com/gpac/gpac/issues/2613
NOTE: https://github.com/gpac/gpac/commit/66abf0887c89c29a484d9e65e70882794e9e3a1b
CVE-2023-48013 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a dou ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1056282)
NOTE: https://github.com/gpac/gpac/issues/2612
NOTE: https://github.com/gpac/gpac/commit/cd8a95c1efb8f5bfc950b86c2ef77b4c76f6b893
CVE-2023-48011 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a hea ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1056282)
NOTE: https://github.com/gpac/gpac/issues/2611
NOTE: https://github.com/gpac/gpac/commit/c70f49dda4946d6db6aa55588f6a756b76bd84ea
CVE-2023-47637 (Pimcore is an Open Source Data & Experience Management Platform. In af ...)
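Review bot: The three "- gpac <unfixed> (bug #1056282)" lines for CVE-2023-48014, CVE-2023-48013 and CVE-2023-48011 share one bug number, while each entry lists a different upstream fix commit in its NOTE lines. When the bug is closed, check each entry against its own commit before recording a fixed version, rather than updating all of them from the bug closure alone. The commit message "bugnums" could also state that one bug covers several CVEs.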
@@ -857,7 +857,7 @@ CVE-2023-47554 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-47550 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Ma ...)
NOT-FOR-US: WordPress plugin
CVE-2023-47384 (MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contai ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1056282)
[bullseye] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2672
CVE-2023-47262 (In Abbott ID NOW before 7.1, settings can be modified via physical acc ...)
@@ -1467,7 +1467,7 @@ CVE-2023-36027 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerabi
CVE-2023-5870
{DSA-5554-1 DSA-5553-1 DLA-3651-1}
- postgresql-16 16.1-1
- - postgresql-15 <unfixed>
+ - postgresql-15 <unfixed> (bug #1056283)
- postgresql-13 <removed>
- postgresql-11 <removed>
NOTE: https://www.postgresql.org/support/security/CVE-2023-5870/
@@ -1475,7 +1475,7 @@ CVE-2023-5870
CVE-2023-5869
{DSA-5554-1 DSA-5553-1 DLA-3651-1}
- postgresql-16 16.1-1
- - postgresql-15 <unfixed>
+ - postgresql-15 <unfixed> (bug #1056283)
- postgresql-13 <removed>
- postgresql-11 <removed>
NOTE: https://www.postgresql.org/support/security/CVE-2023-5869/
@@ -1483,7 +1483,7 @@ CVE-2023-5869
CVE-2023-5868
{DSA-5554-1 DSA-5553-1 DLA-3651-1}
- postgresql-16 16.1-1
- - postgresql-15 <unfixed>
+ - postgresql-15 <unfixed> (bug #1056283)
- postgresql-13 <removed>
- postgresql-11 <removed>
NOTE: https://www.postgresql.org/support/security/CVE-2023-5868/
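Review bot: On the "- postgresql-15 <unfixed> (bug #1056283)" line, here and in the two preceding hunks (CVE-2023-5870, CVE-2023-5869), a single bug now tracks three CVEs while postgresql-16 is already recorded as fixed in 16.1-1. The three postgresql-15 lines should be updated together once a fixed upload exists. A NOTE naming the upstream release that fixes the 15 series would let that be verified from the entry itself.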
@@ -1946,7 +1946,7 @@ CVE-2023-46676 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated
CVE-2023-46483 (Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an at ...)
NOT-FOR-US: timetec AWDMS
CVE-2023-46001 (Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g2013208 ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1056282)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2629
NOTE: https://github.com/gpac/gpac/commit/e79b0cf7e72404750630bc01340e999f3940dbc4
@@ -1987,7 +1987,7 @@ CVE-2023-45283 (The filepath package does not recognize paths with a \??\ prefix
NOTE: https://github.com/golang/go/commit/46fb78168596f7ce8834f528bb0eb9555c08bcae (go1.20.11)
NOTE: No security impact for Debian packages, only affects code running on Windows
CVE-2023-5998 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #1056282)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.com/bounties/ea02a231-b688-422b-a881-ef415bcf6113
NOTE: https://github.com/gpac/gpac/commit/db74835944548fc3bdf03121b0e012373bdebb3e
@@ -4721,7 +4721,7 @@ CVE-2023-39333
NOTE: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#code-injection-via-webassembly-export-names-low---cve-2023-39333
NOTE: https://github.com/nodejs/node/commit/eaf9083cf1e43bd897ac8244dcc0f4e3500150ca
CVE-2023-5388
- - nss <unfixed>
+ - nss <unfixed> (bug #1056284)
[bookworm] - nss <postponed> (Minor issue, revisit once fixed upstream)
[bullseye] - nss <postponed> (Minor issue, revisit once fixed upstream)
[buster] - nss <no-dsa> (Minor issue)
@@ -71656,9 +71656,8 @@ CVE-2023-20248
CVE-2023-20247 (A vulnerability in the remote access SSL VPN feature of Cisco Adaptive ...)
NOT-FOR-US: Cisco
CVE-2023-20246 (Multiple Cisco products are affected by a vulnerability in Snort acces ...)
- - snort <undetermined>
+ - snort <unfixed> (bug #1056281)
NOTE: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3acp-bypass-3bdR2BEh
- TODO: check, affects Snort 2.x series as well
CVE-2023-20245 (Multiple vulnerabilities in the per-user-override feature of Cisco Ada ...)
NOT-FOR-US: Cisco
CVE-2023-20244 (A vulnerability in the internal packet processing of Cisco Firepower T ...)
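Review bot: The CVE-2023-20246 entry loses its only statement about the Snort 2.x series: the removed "TODO: check, affects Snort 2.x series as well" is not replaced by a NOTE, so the basis for moving from <undetermined> to <unfixed> is no longer visible in the entry. Suggest keeping the result of that check as a NOTE line that says which Snort series it covered.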
@@ -72103,7 +72102,8 @@ CVE-2023-20032 (On Feb 15, 2023, the following vulnerability in the ClamAV scann
NOTE: https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
NOTE: https://github.com/google/security-research/security/advisories/GHSA-r6g3-3wqj-m3c8
CVE-2023-20031 (A vulnerability in the SSL/TLS certificate handling of Snort 3 Detecti ...)
- TODO: check
+ - snort <unfixed> (bug #1056281)
+ NOTE: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-8U4HHxH8
CVE-2023-20030 (A vulnerability in the web-based management interface of Cisco Identit ...)
NOT-FOR-US: Cisco
CVE-2023-20029 (A vulnerability in the Meraki onboarding feature of Cisco IOS XE Softw ...)
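Review bot: The added "- snort <unfixed> (bug #1056281)" under CVE-2023-20031 carries no NOTE explaining why the packaged snort is affected, although the description names Snort 3 specifically and the line it replaces was only "TODO: check". Suggest adding a NOTE next to the advisory link that states the affected series, so the <unfixed> status can be re-verified later.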
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ea1efad73b67e710782a635244fcc8ff3749135